Skip to main content
CVE-2025-34291 CRITICAL POC KEV PATCH THREAT GHSA Act Now

Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration (allow_origins='*' with allow_credentials=True) combined with a refresh token cookie configured as SameSite=None allows a malicious webpage to perform cross-origin requests that include credentials and successfully call the refresh endpoint. An attacker-controlled origin can therefore obtain fresh access_token / refresh_token pairs for a victim session. Obtained tokens permit access to authenticated endpoints - including built-in code-execution functionality - allowing the attacker to execute arbitrary code and achieve full system compromise.

RCE Langflow
NVD GitHub VulDB
CVSS 4.0
9.4
EPSS
17.6%
Threat
5.4
CVE-2025-66644 HIGH KEV PATCH THREAT Act Now

Array Networks ArrayOS AG before 9.4.5.9 contains an OS command injection vulnerability (CVE-2025-66644, CVSS 7.2) that has been actively exploited in the wild from August through December 2025. KEV-listed, this vulnerability in the VPN/SSL-VPN appliance enables authenticated attackers to execute arbitrary commands on the network edge device.

Command Injection Arrayos Ag
NVD
CVSS 3.1
7.2
EPSS
3.1%
CVE-2025-66570 CRITICAL POC PATCH Act Now

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions. An attacker can inject headers named REMOTE_ADDR, REMOTE_PORT, LOCAL_ADDR, LOCAL_PORT that are parsed into the request header multimap via read_headers() in httplib.h (headers.emplace), then the server later appends its own internal metadata using the same header names in Server::process_request without erasing duplicates. Because Request::get_header_value returns the first entry for a header key (id == 0) and the client-supplied headers are parsed before server-inserted headers, downstream code that uses these header names may inadvertently use attacker-controlled values. Affected files/locations: cpp-httplib/httplib.h (read_headers, Server::process_request, Request::get_header_value, get_header_value_u64) and cpp-httplib/docker/main.cc (get_client_ip, nginx_access_logger, nginx_error_logger). Attack surface: attacker-controlled HTTP headers in incoming requests flow into the Request.headers multimap and into logging code that reads forwarded headers, enabling IP spoofing, log poisoning, and authorization bypass via header shadowing. This vulnerability is fixed in 0.27.0.

Authentication Bypass Docker Ubuntu Debian Cpp Httplib +1
NVD GitHub
CVSS 3.1
10.0
EPSS
0.0%
CVE-2025-64054 CRITICAL POC Act Now

A reflected Cross Site Scripting (XSS) vulnerability on Fanvil x210 2.12.20 devices allows attackers to cause a denial of service or potentially execute arbitrary commands via crafted POST request to the /cgi-bin/webconfig?page=upload&action=submit endpoint.

XSS Denial Of Service X210 Firmware
NVD GitHub
CVSS 3.1
9.6
EPSS
0.1%
CVE-2020-36877 CRITICAL POC Act Now

ReQuest Serious Play F3 Media Server 7.0.3 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands as the web server user. Attackers can upload PHP executable files via the Quick File Uploader page, resulting in remote code execution on the server.

PHP Command Injection RCE
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
0.6%
CVE-2025-14107 HIGH POC This Week

A security flaw has been discovered in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this vulnerability is the function zfilev2_api.SafeStatus of the file /v2/file/safe/status of the component HTTP POST Request Handler. The manipulation of the argument safe_dir results in command injection. The attack may be performed from remote. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure and confirmed the existence of the vulnerability. A technical fix is planned to be released.

Command Injection Q2c Nas Firmware
NVD VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2025-14106 HIGH POC This Week

A vulnerability was identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected is the function zfilev2_api.CloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. The manipulation of the argument safe_dir leads to command injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure and confirmed the existence of the vulnerability. A technical fix is planned to be released.

Command Injection Q2c Nas Firmware
NVD VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2025-65730 HIGH POC This Week

Authentication Bypass via Hardcoded Credentials GoAway up to v0.62.18, fixed in 0.62.19, uses a hardcoded secret for signing JWT tokens used for authentication.

Authentication Bypass Goaway
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2025-14108 HIGH POC This Week

A weakness has been identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this issue is the function zfilev2_api.OpenSafe of the file /v2/file/safe/open of the component HTTP POST Request Handler. This manipulation of the argument safe_dir causes command injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure and confirmed the existence of the vulnerability. A technical fix is planned to be released.

Command Injection Q2c Nas Firmware
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2020-36876 HIGH POC This Week

ReQuest Serious Play F3 Media Server versions 7.0.3.4968 (Pro), 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823 allows unauthenticated attackers to disclose the webserver's Python debug log file containing system information, credentials, paths, processes and command arguments running on the device. Attackers can access sensitive information by visiting the message_log page.

Information Disclosure Python
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2020-36878 HIGH POC This Week

A remote code execution vulnerability in and script is not properly verified (CVSS 8.7). Risk factors: public PoC available.

Information Disclosure
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2020-36879 HIGH POC This Week

Flexsense DiskBoss 11.7.28 allows unauthenticated attackers to elevate their privileges using any of its services, enabling remote code execution during startup or reboot with escalated privileges. Attackers can exploit the unquoted service path vulnerability by specifying a malicious service name in the 'sc qc' command, allowing them to execute arbitrary system commands.

RCE
NVD Exploit-DB
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-64057 HIGH POC This Week

Directory traversal vulnerability in Fanvil x210 V2 2.12.20 allows unauthenticated attackers on the local network to store files in arbitrary locations and potentially modify the system configuration or other unspecified impacts.

Path Traversal X210 Firmware
NVD GitHub
CVSS 3.1
8.3
EPSS
0.1%
CVE-2025-65879 HIGH POC This Week

Warehouse Management System 1.2 contains an authenticated arbitrary file deletion vulnerability. The /goods/deleteGoods endpoint accepts a user-controlled goodsimg parameter, which is directly concatenated with the server's UPLOAD_PATH and passed to File.delete() without validation. A remote authenticated attacker can delete arbitrary files on the server by supplying directory traversal payloads.

Path Traversal Warehouse Management System
NVD GitHub
CVSS 3.1
8.1
EPSS
0.9%
CVE-2020-36881 HIGH POC This Week

Flexsense DiskBoss 7.7.14 contains a local buffer overflow vulnerability in the 'Input Directory' component that allows unauthenticated attackers to execute arbitrary code on the system. Attackers can exploit this by pasting a specially crafted directory path into the 'Add Input Directory' field.

Buffer Overflow RCE Diskboss
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2020-36880 HIGH POC This Week

Flexsense DiskBoss 7.7.14 contains a local buffer overflow vulnerability in the 'Reports and Data Directory' field that allows an attacker to execute arbitrary code on the system.

Buffer Overflow RCE Diskboss
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-65878 HIGH POC This Week

The warehouse management system version 1.2 contains an arbitrary file read vulnerability. The endpoint `/file/showImageByPath` does not sanitize user-controlled path parameters. An attacker could exploit directory traversal to read arbitrary files on the server's file system. This could lead to the leakage of sensitive system information.

Path Traversal Warehouse Management System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-36882 HIGH POC This Week

Flexsense DiskBoss 7.7.14 allows unauthenticated attackers to upload arbitrary files via /Command/Search Files/Directory field, leading to a denial of service by crashing the application.

File Upload Denial Of Service Diskboss
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-64053 HIGH POC This Week

A Buffer overflow vulnerability on Fanvil x210 2.12.20 devices allows attackers to cause a denial of service or potentially execute arbitrary commands via crafted POST request to the /cgi-bin/webconfig?page=upload&action=submit endpoint.

Buffer Overflow Denial Of Service X210 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-13654 HIGH POC PATCH This Week

A stack buffer overflow vulnerability exists in the buffer_get function of duc, a disk management tool, where a condition can evaluate to true due to underflow, allowing an out-of-bounds read.

Buffer Overflow Memory Corruption Ubuntu Debian Duc +2
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-66624 HIGH POC PATCH This Week

BACnet Protocol Stack library provides a BACnet application layer, network layer and media access (MAC) layer communications services. Prior to 1.5.0.rc2, The npdu_is_expected_reply function in src/bacnet/npdu.c indexes request_pdu[offset+2/3/5] and reply_pdu[offset+1/2/4] without verifying that those APDU bytes exist. bacnet_npdu_decode() can return offset == 2 for a 2-byte NPDU, so tiny PDUs pass the version check and then get read out of bounds. On ASan/MPU/strict builds this is an immediate crash (DoS). On unprotected builds it is undefined behavior and can mis-route replies; RCE is unlikely because only reads occur, but DoS is reliable.

Buffer Overflow Information Disclosure Bacnet Stack
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-34256 CRITICAL PATCH Act Now

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a hard-coded cryptographic key vulnerability. The product uses a static HS512 HMAC secret for signing EIRMMToken JWTs across all installations. The server accepts forged JWTs that need only contain a valid email claim, allowing a remote unauthenticated attacker to generate arbitrary tokens and impersonate any DeviceOn account, including the root super admin. Successful exploitation permits full administrative control of the DeviceOn instance and can be leveraged to execute code on managed agents through DeviceOn’s remote management features.

RCE
NVD
CVSS 4.0
10.0
EPSS
0.2%
CVE-2025-12374 CRITICAL Act Now

The Email Verification, Email OTP, Block Spam Email, Passwordless login, Hide Login, Magic Login - User Verification plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.39. This is due to the plugin not properly validating that an OTP was generated before comparing it to user input in the "user_verification_form_wrap_process_otpLogin" function. This makes it possible for unauthenticated attackers to log in as any user with a verified email address, such as an administrator, by submitting an empty OTP value.

Authentication Bypass WordPress
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-13313 CRITICAL Act Now

The CRM Memberships plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 2.5. This is due to missing authorization and authentication checks on the `ntzcrm_changepassword` AJAX action. This makes it possible for unauthenticated attackers to reset arbitrary user passwords and gain unauthorized access to user accounts via the `ntzcrm_changepassword` endpoint, granted they can obtain or enumerate a target user's email address. The plugin also exposes the `ntzcrm_get_users` endpoint without authentication, allowing attackers to enumerate subscriber email addresses, facilitating the exploitation of the password reset vulnerability.

Privilege Escalation Authentication Bypass WordPress
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-66550 MEDIUM POC PATCH This Month

A security vulnerability in Nextcloud Calendar (CVSS 5.7). Risk factors: public PoC available. Vendor patch is available.

Information Disclosure Calendar Nextcloud
NVD GitHub
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-66562 CRITICAL PATCH Act Now

TUUI is a desktop MCP client designed as a tool unitary utility integration.

XSS RCE Tuui
NVD GitHub VulDB
CVSS 3.1
9.6
EPSS
0.4%
CVE-2025-6966 MEDIUM POC PATCH This Month

NULL pointer dereference in TagSection.keys() in python-apt on APT-based Linux systems allows a local attacker to cause a denial of service (process crash) via a crafted deb822 file with a malformed non-UTF-8 key.

Null Pointer Dereference Python Denial Of Service Ubuntu Debian +3
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-66577 MEDIUM POC PATCH This Month

A security vulnerability in cpp-httplib (CVSS 5.3) that allows attacker-controlled http headers. Risk factors: public PoC available. Vendor patch is available.

Docker Information Disclosure Ubuntu Debian Cpp Httplib +1
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-64052 MEDIUM POC This Month

An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to execute arbitrary system commands.

Command Injection X210 Firmware
NVD GitHub
CVSS 3.1
5.1
EPSS
0.1%
CVE-2025-65897 HIGH PATCH This Week

zdh_web is a data collection, processing, monitoring, scheduling, and management platform. In zdh_web thru 5.6.17, insufficient validation of file upload paths in the application allows an authenticated user to write arbitrary files to the server file system, potentially overwriting existing files and leading to privilege escalation or remote code execution.

Privilege Escalation Path Traversal File Upload RCE Zdh Web
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2025-12181 HIGH This Week

The ContentStudio plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the cstu_update_post() function in all versions up to, and including, 1.3.7. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

File Upload WordPress RCE
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-12154 HIGH This Week

The Auto Thumbnailer plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadThumb() function in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

File Upload WordPress RCE PHP
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-12153 HIGH This Week

The Featured Image via URL plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation function in all versions up to, and including, 0.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

File Upload WordPress RCE PHP
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-13066 HIGH This Week

The Demo Importer Plus plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 2.0.6. This is due to insufficient file type validation detecting WXR files, allowing double extension files to bypass sanitization while being accepted as a valid WXR file. This makes it possible for authenticated attackers, with author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

File Upload WordPress RCE PHP
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-12879 HIGH This Week

The User Generator and Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.2.2. This is due to missing nonce validation in the "Import Using CSV File" function. This makes it possible for unauthenticated attackers to elevate user privileges by creating arbitrary accounts with administrator privileges via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.

CSRF WordPress PHP
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-13426 HIGH This Week

A vulnerability exists in Google Apigee's JavaCallout policy https://docs.apigee.com/api-platform/reference/policies/java-callout-policy that allows for remote code execution. It is possible for a user to write a JavaCallout that injected a malicious object into the MessageContext to execute arbitrary Java code and system commands at runtime, leading to unauthorized access to data, lateral movement within the network, and access to backend systems. The Apigee hybrid versions below have all been updated to protect from this vulnerability: * Hybrid_1.11.2+ * Hybrid_1.12.4+ * Hybrid_1.13.3+ * Hybrid_1.14.1+ * OPDK_5202+ * OPDK_5300+

Authentication Bypass Google Java RCE
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2025-65036 HIGH PATCH This Week

XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Prior to 1.27.1, the macro executes Velocity from the details pages without checking for permissions, which can lead to remote code execution. This vulnerability is fixed in 1.27.1.

Authentication Bypass Atlassian RCE Pro Macros
NVD GitHub
CVSS 3.1
8.3
EPSS
0.7%
CVE-2025-64056 MEDIUM POC This Month

File upload vulnerability in Fanvil x210 V2 2.12.20 allows unauthenticated attackers on the local network to store arbitrary files on the filesystem.

File Upload Authentication Bypass X210 Firmware
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-12189 MEDIUM POC This Month

The Bread & Butter: Gate content + Capture leads + Collect first-party data + Nurture with Ai agents plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.10.1321.

CSRF WordPress RCE
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-58098 HIGH POC PATCH This Week

CVE-2025-58098 is a security vulnerability (CVSS 8.3). High severity vulnerability requiring prompt remediation.

Information Disclosure Apache Ubuntu Debian Http Server +3
NVD GitHub
CVSS 3.1
8.3
EPSS
0.0%
CVE-2025-66566 HIGH PATCH This Week

yawkat LZ4 Java provides LZ4 compression for Java. Insufficient clearing of the output buffer in Java-based decompressor implementations in lz4-java 1.10.0 and earlier allows remote attackers to read previous buffer contents via crafted compressed input. In applications where the output buffer is reused without being cleared, this may lead to disclosure of sensitive data. JNI-based implementations are not affected. This vulnerability is fixed in 1.10.1.

Information Disclosure Java Ubuntu Debian Red Hat +1
NVD GitHub
CVSS 4.0
8.2
EPSS
0.1%
CVE-2025-12851 HIGH This Week

The My auctions allegro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.32 via the 'controller' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.

PHP WordPress RCE Information Disclosure LFI
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2025-13614 HIGH This Week

The Cool Tag Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cool_tag_cloud' shortcode in all versions up to, and including, 2.29 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

WordPress XSS PHP
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2024-9183 HIGH PATCH This Week

A security vulnerability in GitLab CE/EE affecting all (CVSS 7.7). High severity vulnerability requiring prompt remediation.

Information Disclosure Gitlab Debian
NVD
CVSS 3.1
7.7
EPSS
0.0%
CVE-2025-12850 HIGH This Week

The My auctions allegro plugin for WordPress is vulnerable to SQL Injection via the ‘auction_id’ parameter in all versions up to, and including, 3.6.32 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

WordPress SQLi PHP
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-55753 HIGH POC PATCH This Week

An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures (~30 days in default configurations), to the backoff timer becoming 0. Attempts to renew the certificate then are repeated without delays until it succeeds. This issue affects Apache HTTP Server: from 2.4.30 before 2.4.66. Users are recommended to upgrade to version 2.4.66, which fixes the issue.

Buffer Overflow Integer Overflow Apache Ubuntu Debian +4
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-59775 HIGH POC PATCH This Week

Server-Side Request Forgery (SSRF) vulnerability  in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off  allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.66, which fixes the issue.

Microsoft Apache SSRF Ubuntu Debian +5
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-66418 HIGH PATCH This Week

urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory allocation for the decompressed data. This vulnerability is fixed in 2.6.0.

Python Denial Of Service Ubuntu Debian Urllib3 +2
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-66471 HIGH PATCH This Week

A security vulnerability in version 1.0 and (CVSS 7.5). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Information Disclosure Python Ubuntu Debian Urllib3 +2
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-66554 LOW POC PATCH Monitor

Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. Prior to 5.5.4, 6.0.6, and 7.2.5, a malicious user was able to modify their organisation and title field to load additional CSS files. Javascript and other options were correctly blocked by the content security policy of the Nextcloud Server code. This vulnerability is fixed in 5.5.4, 6.0.6, and 7.2.5.

XSS Nextcloud
NVD GitHub
CVSS 3.1
3.5
EPSS
0.0%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy